pi-landstrip 0.1.0 → 0.2.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +1 -1
- package/index.ts +30 -2
- package/package.json +1 -1
- package/sandbox.json +33 -2
package/README.md
CHANGED
|
@@ -11,7 +11,7 @@ Install `landstrip` and make sure it is on the `PATH` used to launch pi:
|
|
|
11
11
|
cargo install landstrip
|
|
12
12
|
```
|
|
13
13
|
|
|
14
|
-
`landstrip`
|
|
14
|
+
`landstrip` supports Linux, macOS, and Windows. On other platforms this extension loads
|
|
15
15
|
but leaves sandboxing disabled.
|
|
16
16
|
|
|
17
17
|
## Install
|
package/index.ts
CHANGED
|
@@ -72,6 +72,9 @@ interface LandstripPolicy {
|
|
|
72
72
|
filesystem: SandboxFilesystemConfig;
|
|
73
73
|
}
|
|
74
74
|
|
|
75
|
+
const LANDSTRIP_VERSION = [0, 8, 3] as const;
|
|
76
|
+
const SUPPORTED_PLATFORMS = new Set<NodeJS.Platform>(['linux', 'darwin', 'win32']);
|
|
77
|
+
|
|
75
78
|
const DEFAULT_CONFIG: SandboxConfig = {
|
|
76
79
|
enabled: true,
|
|
77
80
|
network: {
|
|
@@ -97,7 +100,7 @@ const DEFAULT_CONFIG: SandboxConfig = {
|
|
|
97
100
|
},
|
|
98
101
|
filesystem: {
|
|
99
102
|
denyRead: ['/Users', '/home'],
|
|
100
|
-
allowRead: ['.', '~/.config', '~/.local', '~/.cargo'],
|
|
103
|
+
allowRead: ['.', '~/.config', '~/.gitconfig', '~/.local', '~/.cargo'],
|
|
101
104
|
allowWrite: ['.', '/tmp'],
|
|
102
105
|
denyWrite: ['.env', '.env.*', '*.pem', '*.key'],
|
|
103
106
|
},
|
|
@@ -475,6 +478,24 @@ function landstripVersion(command: string): string | null {
|
|
|
475
478
|
return result.stdout.trim();
|
|
476
479
|
}
|
|
477
480
|
|
|
481
|
+
function parseVersion(version: string): [number, number, number] | null {
|
|
482
|
+
const match = version.match(/\b(\d+)\.(\d+)\.(\d+)\b/);
|
|
483
|
+
if (!match) return null;
|
|
484
|
+
return [Number(match[1]), Number(match[2]), Number(match[3])];
|
|
485
|
+
}
|
|
486
|
+
|
|
487
|
+
function hasMinimumVersion(version: string, minimum: readonly [number, number, number]): boolean {
|
|
488
|
+
const parsed = parseVersion(version);
|
|
489
|
+
if (!parsed) return false;
|
|
490
|
+
|
|
491
|
+
for (let i = 0; i < minimum.length; i++) {
|
|
492
|
+
if (parsed[i] > minimum[i]) return true;
|
|
493
|
+
if (parsed[i] < minimum[i]) return false;
|
|
494
|
+
}
|
|
495
|
+
|
|
496
|
+
return true;
|
|
497
|
+
}
|
|
498
|
+
|
|
478
499
|
function proxyEnv(env: NodeJS.ProcessEnv | undefined, port: number): NodeJS.ProcessEnv {
|
|
479
500
|
const url = `http://127.0.0.1:${port}`;
|
|
480
501
|
|
|
@@ -928,7 +949,7 @@ export default function (pi: ExtensionAPI) {
|
|
|
928
949
|
function enableSandbox(ctx: ExtensionContext): boolean {
|
|
929
950
|
const config = loadConfig(ctx.cwd);
|
|
930
951
|
|
|
931
|
-
if (process.platform
|
|
952
|
+
if (!SUPPORTED_PLATFORMS.has(process.platform)) {
|
|
932
953
|
sandboxEnabled = false;
|
|
933
954
|
sandboxReady = false;
|
|
934
955
|
ctx.ui.notify(`landstrip sandboxing is not supported on ${process.platform}`, 'warning');
|
|
@@ -943,6 +964,13 @@ export default function (pi: ExtensionAPI) {
|
|
|
943
964
|
return false;
|
|
944
965
|
}
|
|
945
966
|
|
|
967
|
+
if (!hasMinimumVersion(version, LANDSTRIP_VERSION)) {
|
|
968
|
+
sandboxEnabled = false;
|
|
969
|
+
sandboxReady = false;
|
|
970
|
+
ctx.ui.notify(`landstrip 0.8.3 or newer is required; found: ${version}`, 'error');
|
|
971
|
+
return false;
|
|
972
|
+
}
|
|
973
|
+
|
|
946
974
|
sandboxEnabled = true;
|
|
947
975
|
sandboxReady = true;
|
|
948
976
|
warnIfAllDomainsAllowed(ctx, config);
|
package/package.json
CHANGED
package/sandbox.json
CHANGED
|
@@ -7,9 +7,15 @@
|
|
|
7
7
|
"allowedDomains": [
|
|
8
8
|
"github.com",
|
|
9
9
|
"*.github.com",
|
|
10
|
+
"api.github.com",
|
|
10
11
|
"raw.githubusercontent.com",
|
|
12
|
+
"objects.githubusercontent.com",
|
|
13
|
+
"codeload.github.com",
|
|
11
14
|
"registry.npmjs.org",
|
|
15
|
+
"npmjs.org",
|
|
12
16
|
"*.npmjs.org",
|
|
17
|
+
"nodejs.org",
|
|
18
|
+
"*.nodejs.org",
|
|
13
19
|
"crates.io",
|
|
14
20
|
"*.crates.io",
|
|
15
21
|
"static.crates.io"
|
|
@@ -18,8 +24,33 @@
|
|
|
18
24
|
},
|
|
19
25
|
"filesystem": {
|
|
20
26
|
"denyRead": ["/home"],
|
|
21
|
-
"allowRead": [
|
|
22
|
-
|
|
27
|
+
"allowRead": [
|
|
28
|
+
".",
|
|
29
|
+
"/tmp",
|
|
30
|
+
"/var/tmp",
|
|
31
|
+
"/dev/null",
|
|
32
|
+
"~/.config",
|
|
33
|
+
"~/.gitconfig",
|
|
34
|
+
"~/.local",
|
|
35
|
+
"~/.cargo",
|
|
36
|
+
"~/.rustup",
|
|
37
|
+
"~/.npm",
|
|
38
|
+
"~/.cache",
|
|
39
|
+
"~/.bun",
|
|
40
|
+
"~/.node-gyp"
|
|
41
|
+
],
|
|
42
|
+
"allowWrite": [
|
|
43
|
+
".",
|
|
44
|
+
"/tmp",
|
|
45
|
+
"/var/tmp",
|
|
46
|
+
"/dev/null",
|
|
47
|
+
"~/.cargo",
|
|
48
|
+
"~/.rustup",
|
|
49
|
+
"~/.npm",
|
|
50
|
+
"~/.cache",
|
|
51
|
+
"~/.bun",
|
|
52
|
+
"~/.node-gyp"
|
|
53
|
+
],
|
|
23
54
|
"denyWrite": [".env", ".env.*", "*.pem", "*.key"]
|
|
24
55
|
}
|
|
25
56
|
}
|